US Intel Director says Prism 'is not a data mining programme'

US Director of National Intelligence James Clapper insists the National Security Agency’s PRISM programme is “not an undisclosed collection or data mining program” but instead “an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information.”

Medill DC/Flickr/CC BY 2.0

Following a storm of media headlines and company denials,
he-saids and he-saids, the US Director of National Intelligence has
entered the fray to release a statement setting the record straight
on the nature of its Prism programme, sort of.

"Prism is not an undisclosed collection or data mining
programme," James R. Clapper, wrote in the three-page statement (.PDF) released late on 8 June.

"It is an internal government computer system used to facilitate
the government's statutorily authorised collection of foreign
intelligence information from electronic communication service
providers under court supervision," he wrote.

The statement brought hours of Twitter speculation to an end,
but still left unanswered many pressing questions about how the
government uses FISA to conduct surveillance and obtain records and
why the secret FISA Court found in 2011 that the government was in
violation of the spirit of FISA in conducting its collection
activities.

Directly addressing the inaccuracies in articles published by
the Guardian and Washington Post,
which asserted that Prism was a bulk-collection programme that
allowed the National Security Agency to tap directly into the
servers of nine internet companies, including Google, Facebook, and
Yahoo, Clapper wrote that in a rush to publish "there are
significant misimpressions that have resulted from the recent
articles."

"Not all the inaccuracies can be corrected without further
revealing classified information," he said. "I have, however,
declassified for release the attached details about the recent
unauthorised disclosures in hope that it will help dispel some of
the myths and add necessary context to what has been
published."

The CEOs of Google and Facebook denied that the government had a backdoor into their
systems or that they provided the government with bulk data. Other
companies listed by the Guardian and
Washington Post as being part of the programme denied
participating in it as well. The newspapers based their reporting
on a 41-slide PowerPoint presentation obtained via whistleblower
Edward Snowden, which apparently made assertions that the two media
outlets misinterpreted to mean the NSA had direct access to private
company servers.

The details are sparse in Clapper's FAQ and don't really shed
much more light on the Prism system, focusing more on justifying
the government's data collection activities than explaining how
much data gets collected by the system.

But he does say that Prism is essentially a government software
tool for facilitating the collection of targeted acquisition of
information concerning foreign targets located outside the United
States, as authorised by Section 702 of the Foreign Intelligence
Surveillance Act.

Though he doesn't elaborate on the nature of the tool, privacy
experts like independent technologist Ashkan Soltani have
speculated, based on published descriptions of the system, that it
is likely some kind of API to automate the process of submitting
court orders to the internet companies and receiving their
responses and data.

It's "basically a data-ingestion API," he told
Mashable for submitting FISA data requests and getting
responses in a machine-readable form.

Left unsaid in the government's FAQ is exactly how targeted the
FISA requests are and how much data it obtains each year from using
them. Companies like Google and Facebook are prohibited from
disclosing even generic statistics on the numbers of FISA requests
they get each year, or the number of Gmail account holders and
Google search users, to name just two of Google's services, that
are affected by the requests.

All that's known about FISA requests are disclosed in an annual
report by the Justice Department to Congress, which gives only a
bare-bone stat. In 2012, we know from that report, the government
made 1,856 applications to the Foreign Intelligence Surveillance
Court to obtain records. None of those requests for electronic
surveillance were denied by the court. That figure was about 5
percent higher than the 1,745 applications in 2011.

Senators Ron Wyden and Mark Udall revealed the existence of the
opinion, but have been unable to discuss it publicly. The FISA
Court reportedly found that the government's collection activities
under FISA Section 702 "circumvented the spirit of the law" and
violated the Fourth Amendment's prohibition on unreasonable
searches and seizures.